lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20171006222023.62cxfctvehmn4wi7@treble>
Date:   Fri, 6 Oct 2017 17:20:23 -0500
From:   Josh Poimboeuf <jpoimboe@...hat.com>
To:     Joe Lawrence <joe.lawrence@...hat.com>
Cc:     live-patching@...r.kernel.org, linux-kernel@...r.kernel.org,
        Jessica Yu <jeyu@...nel.org>, Jiri Kosina <jikos@...nel.org>,
        Miroslav Benes <mbenes@...e.cz>, Petr Mladek <pmladek@...e.com>
Subject: Re: [PATCH v2] livepatch: unpatch all klp_objects if
 klp_module_coming fails

On Thu, Oct 05, 2017 at 04:55:43PM -0500, Josh Poimboeuf wrote:
> On Mon, Oct 02, 2017 at 11:56:48AM -0400, Joe Lawrence wrote:
> > When an incoming module is considered for livepatching by
> > klp_module_coming(), it iterates over multiple patches and multiple
> > kernel objects in this order:
> > 
> > 	list_for_each_entry(patch, &klp_patches, list) {
> > 		klp_for_each_object(patch, obj) {
> > 
> > which means that if one of the kernel objects fails to patch,
> > klp_module_coming()'s error path needs to unpatch and cleanup any kernel
> > objects that were already patched by a previous patch.
> > 
> > Reported-by: Miroslav Benes <mbenes@...e.cz>
> > Suggested-by: Petr Mladek <pmladek@...e.com>
> > Signed-off-by: Joe Lawrence <joe.lawrence@...hat.com>
> > ---
> > v2:
> > 
> >  - cleanup comment describing the new function
> >  - s/klp_cleanup_module_objects_limited/klp_cleanup_module_patches_limited
> >  - added a suggested-by tag for Petr since he suggested both code and
> >    commentary :)
> > 
> >  kernel/livepatch/core.c | 60 ++++++++++++++++++++++++++++++-------------------
> >  1 file changed, 37 insertions(+), 23 deletions(-)
> > 
> > diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c
> > index b9628e43c78f..bf8c8fd72589 100644
> > --- a/kernel/livepatch/core.c
> > +++ b/kernel/livepatch/core.c
> > @@ -830,6 +830,41 @@ int klp_register_patch(struct klp_patch *patch)
> >  }
> >  EXPORT_SYMBOL_GPL(klp_register_patch);
> >  
> > +/*
> > + * Remove parts of patches that touch a given kernel module. The list of
> > + * patches processed might be limited. When limit is NULL, all patches
> > + * will be handled.
> > + */
> > +static void klp_cleanup_module_patches_limited(struct module *mod,
> > +					       struct klp_patch *limit)
> 
> One nit, I think the function name is too verbose.  It already has a
> 'limit' argument, so I think putting 'limited' in the name is too much
> detail.  I would just call it klp_cleanup_module_patches().

I rescind my nit.  I forgot that the 'limited' suffix is already a
convention used throughout the livepatch code.  So my ack is
unconditional now.

Acked-by: Josh Poimboeuf <jpoimboe@...hat.com>

-- 
Josh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ